From owner-freebsd-security  Wed Mar 28  8:49:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id 4F46437B726
	for <security@freebsd.org>; Wed, 28 Mar 2001 08:49:19 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1007 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m14iJ7Q-000CCQC@bsdie.rwsystems.net>
	for <security@freebsd.org>; Wed, 28 Mar 2001 10:48:24 -0600 (CST)
	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25)
Date: Wed, 28 Mar 2001 10:48:23 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: George.Giles@mcmail.vanderbilt.edu
Cc: security@freebsd.org
Subject: Re: account control to ssh
In-Reply-To: <OF6C0D3E65.64F1D75B-ON86256A1D.00571C45@MC.VANDERBILT.EDU>
Message-ID: <Pine.BSF.4.10.10103281044450.48139-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 28 Mar 2001 George.Giles@mcmail.vanderbilt.edu wrote:
> How would I restrict incoming ssh connections on a per user basis ?
> 
> TIA

In the /etc/sshd_config (or wherever) configuration file you can add
groups and users in allow/deny fashion like:

	AllowGroups		wheel sshuser
	AllowUser		goodguy1 goodgal2
	DenyGroups		nobody ftpuser

Don't forget the useful:

	PermitRootLogin		no

Hope this helps! - Jy@


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message